Security breaches cost businesses US$551,000 each: Kaspersky Labs

New report shows enterprise spends an average of US$551,000 to recover from security breaches.

Security breaches cost enterprises an average of US$551,000, according to a report released by Kaspersky Labs.

The worldwide survey of 5500 companies also found SMBs are forced to pay US$38,000 on average in the aftermath of a cyber-attack.

Kaspersky Lab head of market intelligence, Brian Burke, said the industry had not seen too many reports on the consequences of IT security breaches that estimate the loss in real money.

"It is hard to come up with a reliable method of producing an average, but we understood that we had to do it, to bridge the theory of the corporate threat landscape with business practice. As a result, we have a list of corporate threats that caused the most significant damage - the ones we believe businesses should pay the utmost attention to," he said.

According to the report, the most expensive types of security breaches are employee fraud, cyber-espionage, network intrusion and the failure of third-party suppliers.

As part of the study, Kaspersky Labs has released a list of the average bill for a breached enterprise.

Professional services (IT, risk management, lawyers): up to US$84,000 with a probability of 88 percent

Lost business opportunities: up to US$203,000 at 29 percent

Downtime: up to US$1.4 million, 30 percent

Total average: US$551,000

Indirect spend: up to US$69,000

Including reputation damage: up to US$204,750

Kaspersky said nine out of ten companies that took part in the survey reported at least one security incident. However, not all these incidents were serious and/or led to the loss of sensitive data.

The security firm said a serious security breach is most frequently the result of a malware attack, phishing, leaks of data by employees and exploited vulnerable software.

In addition, the report showed large companies pay significantly more when a security breach is the result of a trusted third-party failure. Other expensive types of breaches detailed include fraud by employees, cyber-espionage and network intrusion.

Kaspersky said SMBs tend to lose a significant amount of money on almost all types of breaches, paying a similarly high price to recover from acts of espionage, as well as DDoS and phishing attacks.